论文信息 - POSTER: A Comprehensive Study of Forged Certificates in the Wild

POSTER: A Comprehensive Study of Forged Certificates in the Wild

With the widespread use of SSL, many issues have been exposed as well. Forged certificates used for MITM attacks or proxies can make SSL encryption useless easily, leading to privacy disclosure and property loss of careless victims. In this paper, we implement a large scale of passive measurement of SSL/TLS and analyze the forged certificates in the wild comprehensively. We measured SSL/TLS connection for 16 months on two large research networks, which provided a total of 100 Gbps bandwidth. We gathered nearly 135 million leaf certificates and studied the forged ones. Our findings reveal main reasons of signing forged certificates, and show the preference of them. Finally, we find out several suspicious servers that might be used for MITM.

Gang Xiong | Junzheng Shi | Zigang Cao | Mingxin Cui

[1] J. Alex Halderman,et al. A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.

[2] Patrick Traynor,et al. Trust No One Else: Detecting MITM Attacks against SSL/TLS without Third-Parties , 2012, ESORICS.

[3] J. Alex Halderman,et al. Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[4] Georg Carle,et al. X.509 Forensics: Detecting and Localising the SSL/TLS Men-in-the-Middle , 2012, ESORICS.

[5] Georg Carle,et al. The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements , 2011, IMC '11.

[6] Collin Jackson,et al. Analyzing Forged SSL Certificates in the Wild , 2014, 2014 IEEE Symposium on Security and Privacy.